Cyber Security News February 2019

This posting is here to collect cyber security news in February 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

373 Comments

  1. Tomi Engdahl says:

    New York Investigating Apple’s Response to FaceTime Spying Bug
    https://www.securityweek.com/new-york-investigating-apples-response-facetime-spying-bug

    New York authorities have announced the launch of an investigation into the recently disclosed FaceTime vulnerability that can be exploited to spy on users. The probe focuses on Apple’s failure to warn customers and the company’s slow response.

    Videos and posts describing the flaw started making rounds earlier this week on social media websites. The mother of a 14-year-old from Arizona claimed her son had identified the bug and that they had attempted to inform Apple more than 10 days before details of the hack became public. She claimed the tech giant ignored their responsible disclosure attempts, which included calls, messages on social media, emails and even faxes.

    The vulnerability is easy to exploit and it does not require any technical knowledge. The attacker simply calls the targeted user via FaceTime and then immediately initiates a group chat by using the “Add person” button from the bottom of the screen. If the attacker adds their own number to the group chat they start hearing what the victim says even if they haven’t actually answered the call.

    Reply
  2. Tomi Engdahl says:

    GPS watch issues… AGAIN
    https://www.pentestpartners.com/security-blog/gps-watch-issues-again/

    Over the last year of looking at kids GPS tracking watches we have found some staggering issues. With these devices it almost seems that having multiple security issues is the new normal.

    While parents and guardians may get a feeling of security from using these devices, our testing and research shows it’s just that, a “feeling”.

    A couple of years ago we bought and reviewed a number of smart kids tracker watches, including some Gator watches from TechSixtyFour.

    Reply
  3. Tomi Engdahl says:

    Hacker Who Stole $5 Million By SIM Swapping Gets 10 Years in Prison
    https://motherboard.vice.com/amp/en_us/article/gyaqnb/hacker-joel-ortiz-sim-swapping-10-years-in-prison?__twitter_impression=true

    A 20-year-old college student who was accused of stealing more than $5 million in cryptocurrency in a slew of SIM hijacking attacks is the first person to be sentenced for the crime.

    Reply
  4. Tomi Engdahl says:

    A consumer DNA testing company has given the FBI access to its two million profiles
    https://www.technologyreview.com/the-download/612875/a-consumer-dna-testing-company-has-given-the-fbi-access-to-its-two-million/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=facebook

    A large consumer DNA test database, Family Tree DNA, has quietly started allowing the FBI to upload genetic profiles created from crime scenes and corpses, according to BuzzFeed.

    One Of The Biggest At-Home DNA Testing Companies Is Working With The FBI
    https://www.buzzfeednews.com/article/salvadorhernandez/family-tree-dna-fbi-investigative-genealogy-privacy

    The move is sure to raise privacy concerns as law enforcement gains the ability to match DNA from crime scenes to a vast library of possible relatives.

    Reply
  5. Tomi Engdahl says:

    “A FUNDAMENTALLY ILLEGITIMATE CHOICE”: SHOSHANA ZUBOFF ON THE AGE OF SURVEILLANCE CAPITALISM
    https://theintercept.com/2019/02/02/shoshana-zuboff-age-of-surveillance-capitalism/

    “The Age of Surveillance Capitalism,” named for the now-popular term Zuboff herself coined five years ago, is also a masterwork of horror. It’s hard to recall a book that left me as haunted as Zuboff’s, with its descriptions of the gothic algorithmic daemons that follow us at nearly every instant of every hour of every day to suck us dry of metadata. Even those who’ve made an effort to track the technology that tracks us over the last decade or so will be chilled to their core by Zuboff, unable to look at their surroundings the same way.

    An unavoidable takeaway of “The Age of Surveillance Capitalism” is, essentially, that everything is even worse than you thought.

    a global system designed to violate you as a revenue stream. “The result is that both the world and our lives are pervasively rendered as information,” Zuboff writes.

    Tech’s privacy scandals, which seem to appear with increasing frequency both in private industry and in government, aren’t isolated incidents, but rather brief glimpses at an economic and social logic that’s overtaken the planet while we were enjoying Gmail and Instagram. The cliched refrain that if you’re “not paying for a product, you are the product”? Too weak, says Zuboff. You’re not technically the product, she explains over the course of several hundred tense pages, because you’re something even more degrading: an input for the real product, predictions about your future sold to the highest bidder so that this future can be altered.

    Reply
  6. Tomi Engdahl says:

    POLICE SAID YOU COULD SKIP PUBLIC FACIAL RECOGNITION. THEY LIED.
    https://futurism.com/the-byte/facial-recognition-red-flags-police-lied

    In December, London’s Metropolitan Police Service (the Met) announced plans to use facial recognition technology to scan people’s faces during a public pilot program.

    “Anyone who declines to be scanned during the deployment will not be viewed as suspicious by police officers,” the Met wrote in its announcement of the program.

    “There must be additional information available to support such a view.”

    But based on a story published in The Independent on Friday, that turned out to be a lie.

    Police stop people for covering their faces from facial recognition camera then fine man £90 after he protested
    https://www.independent.co.uk/news/uk/crime/facial-recognition-cameras-technology-london-trial-met-police-face-cover-man-fined-a8756936.html?utm_source=reddit.com

    Reply
  7. Tomi Engdahl says:

    Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public
    https://www.zdnet.com/google-amp/article/security-firm-identifies-hacker-behind-collection-1-leak-as-collection-2-5-become-public/

    Billions of user records continue to leak. Some data leaked years before, some of it is new.

    The company’s experts believe a hacker going online by the pseudonym of “C0rpz” is the person who rigorously and meticulously collected billions of user records over the past three years. This includes records from companies that were hacked in the past and whose data was posted or sold online.

    Reply
  8. Tomi Engdahl says:

    Indian state government leaks thousands of Aadhaar numbers
    https://techcrunch.com/2019/01/31/aadhaar-data-leak/?sr_share=facebook&utm_source=tcfbpage

    Another security lapse involving India’s national identity system

    A lapse in security has led to the leaking of more than 100,000 Aadhaar numbers, TechCrunch can reveal.

    One of the web systems used to record attendance of government workers for the Indian state of Jharkhand was left exposed and without a password as far back as 2014, allowing anyone access to names, job titles, and partial phone numbers on 166,000 workers as of the time of writing.

    Reply
  9. Tomi Engdahl says:

    Former NSA Cyberspies Reveal How They Helped Hack Foes of UAE
    https://www.newsmax.com/t/newsmax/article/900772/16

    her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S. intelligence community to help the UAE hack into the phones and computers of its enemies.

    Reply
  10. Tomi Engdahl says:

    https://semiengineering.com/week-in-review-iot-security-auto-30/

    Arm is working with UK Research and Innovation, a government-backed organization, on enhancing cybersecurity resilience in the U.K. The government has just approved £70 million (about $91.7 million) in new funding for the Digital Security by Design project backed by UKRI’s Industrial Strategy Challenge Fund.

    Things are going from bad to worse for Huawei Technologies. The U.S. government is trying to dissuade its allies in Asia and Europe from using Huawei equipment in their networks, especially in the new infrastructure for 5G cellular communications.

    Cujo AI of El Segundo, Calif., released a report revealing results of an online survey it conducted among more than 2,000 U.S. users of the company’s Internet Security Firewall. Nearly 90% of respondents said they think cybercrime risks are increasing; 41.3% know someone affected by cybercrime; and about one-quarter of the respondents said they have been a cybercrime victim. While 59.1% feel “well-informed” about cyberthreats, 51.2% don’t think they can fully protect themselves.

    Malwarebytes Labs, a security firm, reports that backdoor and trojan attacks are on the rise, overtaking ransomware attacks as the chief types of cyberattacks.

    The “Collection #1” trove of purloined email addresses, unique usernames, and related passwords was just the beginning. That hacker database has metastasized into multiple collections, encompassing 25 billion records in 845 gigabytes of stolen data.

    Reply
  11. Tomi Engdahl says:

    ARM
    Supporting the UK in becoming a leading global player in cybersecurity
    https://community.arm.com/company/b/blog/posts/supporting-the-uk-in-becoming-a-leading-global-player-in-cybersecurity

    By the turn of 2019, Arm technologies had shipped in more than 130 billion silicon chips, making the Arm architecture the most widely-deployed advanced instruction set ever. It’s a constant source of pride, especially for me as chief Arm architect, as there really isn’t a sector – business, industrial or consumer – that Arm chips aren’t deployed in today.

    But, as we all know, you’re only ever as good as your next project – so it’s vitally important for us to remain as focused on Year 29 as we were on Year 1.

    Working with the British Government to enhance Cybersecurity

    The threat to the security of digital systems is constantly-evolving, and Arm has been working with British Government-backed UK Research and Innovation (UKRI) on efforts to enhance homegrown cyber resilience.

    Reply
  12. Tomi Engdahl says:

    APT Malware LOLBins & GTFOBins Attack users by Evading the Security System
    https://gbhackers.com/apt-malware-lolbins-gtfobins-attack-users-by-evading-the-security-sysem/

    In earlier times, cybercriminals depended more on malware files, scripts and VBScripts to achieve their course of action. Modern-day cyber threat actors depend more on abusing genuine Windows system files to achieve their goals in persistence, defense evasion, lateral movement and more.

    In every system, trusted binaries, scripts and library files are available for the purpose of system communications. But cybercriminals use these genuine utilities in such a way that the defense systems fail to stop this behavior. These binaries, scripts, and libraries cannot be blocked since they are valid, and deleting them might lead to a system crash.

    Reply
  13. Tomi Engdahl says:

    Sofacy’s Zepakab Downloader Spotted In-The-Wild
    https://blog.yoroi.company/research/sofacys-zepakab-downloader-spotted-in-the-wild/

    In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis.

    Reply
  14. Tomi Engdahl says:

    Bug-hunter faces jail for vulnerability reports, DuckDuckPwn (almost), family spied on via Nest gizmo, and more
    https://www.theregister.co.uk/2019/02/02/security_roundup_010219/

    Your rapid-fire guide to all the other infosec news of the week

    Reply
  15. Tomi Engdahl says:

    DHS Cyber Hunt Teams to Be Authorized by Reintroduced Bipartisan Bill
    https://www.bleepingcomputer.com/news/legal/dhs-cyber-hunt-teams-to-be-authorized-by-reintroduced-bipartisan-bill/

    The bipartisan Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act which would require the DHS to authorize “cyber incident response” and “cyber hunt” teams was reintroduced on January 31.

    Reply
  16. Tomi Engdahl says:

    Sextortion Scam Stating Xvideos Was Hacked to Record You Through Webcam
    https://www.bleepingcomputer.com/news/security/sextortion-scam-stating-xvideos-was-hacked-to-record-you-through-webcam/

    A sextortion scam variant is going around that states the popular adult site called Xvideos.com was hacked to include a malicious script that records a visitor through their webcam and sends it to the hacker. The scam emails also state that this script was able to connect back to the visitor’s computer to steal their data and contacts.

    This variant of the sextortion scam has been under way for about a month now

    As these scams have been extremely profitable, with attackers earning as much as $50k in a week with little or no cost to spam them out, we should not expect to see them stop any time soon.

    Reply
  17. Tomi Engdahl says:

    U.S. Energy Firm Fined $10 Million for Security Failures
    https://www.securityweek.com/us-energy-firm-fined-10-million-security-failures

    A US energy company, identified by some media reports as Duke Energy, received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.

    Reply
  18. Tomi Engdahl says:

    Malicious Hackers Can Abuse Siri Shortcuts: IBM
    https://www.securityweek.com/malicious-hackers-can-abuse-siri-shortcuts-ibm

    The Siri Shortcuts that Apple introduced in iOS 12 can be abused by attackers for malicious purposes, IBM’s security researchers have discovered.

    Reply
  19. Tomi Engdahl says:

    UK Data Watchdog Fines Leave.EU, Eldon Insurance
    https://www.securityweek.com/uk-data-watchdog-fines-leaveeu-eldon-insurance

    The UK data protection regulator (the Information Commissioner’s Office – ICO) launched a wide-ranging investigation into the use of personal information for political purposes following the Facebook/Cambridge Analytica affair. It resulted in the publication of a lengthy report titled ‘Democracy disrupted? Personal information and political influence’ in July 2018, and a fine on Facebook set at the maximum amount possible – £500,000 ($645,000).

    In one sense, the Facebook fine was a side-effect. The ICO’s primary intention was to investigate the possible misuse of personal information by the Leave campaign ahead of the Brexit referendum within the UK. This investigation has continued.

    Reply
  20. Tomi Engdahl says:

    Apple Partially Fixes FaceTime Spying Bug
    https://www.securityweek.com/apple-partially-fixes-facetime-spying-bug

    Apple reported on Friday that the FaceTime spying bug that has been making headlines in the past days has been partially fixed, but users will have to wait until next week for a software update.

    According to Apple, a server-side patch has been implemented, but the application update that re-enables the Group FaceTime feature will only be rolled out next week. The company initially promised to patch the flaw this week.

    Reply
  21. Tomi Engdahl says:

    New York Investigating Apple’s Response to FaceTime Spying Bug
    https://www.securityweek.com/new-york-investigating-apples-response-facetime-spying-bug

    New York authorities have announced the launch of an investigation into the recently disclosed FaceTime vulnerability that can be exploited to spy on users. The probe focuses on Apple’s failure to warn customers and the company’s slow response.

    Reply
  22. Tomi Engdahl says:

    GitHub Helps Developers Keep Dependencies Secure via Dependabot
    https://www.securityweek.com/github-helps-developers-keep-dependencies-secure-dependabot

    Microsoft-owned GitHub informed developers on Thursday that they can easily ensure that the dependencies used by their applications are always secure and up to date through an integration of its Security Advisory API with Dependabot.

    Created by London-based developer Grey Baker, Dependabot is a management tool that helps GitHub users keep their dependencies up to date. The tool checks a user’s dependency files every day and creates pull requests in case an update is available. Users can manually review the requests and merge them, or they can configure Dependabot for automatic merger based on certain criteria.

    https://github.com/marketplace/dependabot

    Reply
  23. Tomi Engdahl says:

    Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware
    https://threatpost.com/chafer-iran-apt-malware/141420/

    The Remexi spyware has been improved and retooled.

    An Iran-linked APT known as Chafer has been targeting various entities based in Iran with an enhanced version of a custom malware. Meanwhile the victimology suggests the threat group is waging a cyber-espionage operation against diplomats there.

    It’s a spyware, capable of exfiltrating keystrokes, screenshots and browser-related data like cookies and history.

    Reply
  24. Tomi Engdahl says:

    Recent antivirus tests are bad news for paid security suites
    https://www.pcworld.com/article/3336142/software/recent-antivirus-tests-are-bad-news-for-paid-security-suites.html

    Paid security suites offer a variety of services, but their basic AV capabilities are being equaled by free apps.

    Reply
  25. Tomi Engdahl says:

    Cyber criminals intercept codes used for banking – to empty your accounts
    https://www.kaspersky.com/blog/ss7-hacked/25529/

    Two factor authentication (2FA) is a method widely used by the financial institutions worldwide to keep their customers’ money safe: you know, those short 4-6-digit codes you receive from your bank that you have to input to approve a transaction. Usually, banks send those one-time passwords in SMS text messages. Unfortunately, SMS is one of the weakest ways to implement 2FA, as text messages can be intercepted. And that is what has just happened in the UK.

    Reply
  26. Tomi Engdahl says:

    250 Webstresser Users to Face Legal Action
    https://krebsonsecurity.com/2019/02/250-webstresser-users-to-face-legal-action/

    More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.

    Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.

    “Size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,” Europol officials warned.

    The focus on Webstresser’s customers is the latest phase of “Operation Power Off,” which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks.

    Reply
  27. Tomi Engdahl says:

    New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets
    https://thehackernews.com/2019/02/mac-malware-cryptocurrency.html

    Reply
  28. Tomi Engdahl says:

    Four new caches of stolen logins put Collection #1 in the shade
    https://www.welivesecurity.com/2019/02/01/four-new-caches-of-stolen-logins-put-collection-1-in-the-shade/

    The recently discovered tranches of stolen login credentials freely floating around the internet total 2.2 billion records

    Reply
  29. Tomi Engdahl says:

    Various Google Play ‘Beauty Camera’ Apps Send Users Pornographic Content, Redirect Them to Phishing Websites and Collect Their Pictures
    https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/

    We discovered several beauty camera apps (detected as AndroidOS_BadCamera.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes. Some of these have already been downloaded millions of times, which is unsurprising given the popularity of these kinds of apps. A large number of the download counts originated from Asia — particularly in India.

    Infected Apps in the Google Play Store Turn Android Phones into Porn Hubs
    Security company warns of malicious apps in the store
    https://news.softpedia.com/news/infected-apps-in-the-google-play-store-turn-android-phones-into-porn-hubs-524776.shtml

    Reply
  30. Tomi Engdahl says:

    Hacker spoke to baby, hurled obscenities at couple using Nest camera, dad says
    https://www.cbsnews.com/news/nest-camera-hacked-hacker-spoke-to-baby-hurled-obscenities-at-couple-using-nest-camera-dad-says/

    An Illinois couple said a hacker spoke to their baby through one of their Nest security cameras and then later hurled obscenities at them, CBS station WBBM-TV reports. Arjun Sud told the station he was outside his 7-month-old son’s room Sunday outside Chicago and he heard someone talking.

    “I was shocked to hear a deep, manly voice talking,” Sud said. “… My blood ran cold.”

    Sud told WBBM-TV he thought the voice was coming over the baby monitor by accident. But it returned when he and his wife were downstairs.

    The voice was coming from another of the many Nest cameras throughout the couple’s Lake Barrington house.

    The Suds disconnected the cameras they have inside their house and called Nest and the police. Arjun Sud said the company urged him to use two-factor authentication

    The Suds’ experience comes after another harrowing incident involving a hacked Nest camera. A California family was alarmed when someone used their camera’s speaker to warn of an impending missile strike from North Korea and to take cover, CBS News correspondent Anna Werner reported.

    Nest’s parent company, Google, said in a statement that Nest’s system was not breached. Google said the recent incidents stem from customers “using compromised passwords … exposed through breaches on other websites.”

    Reply
  31. Tomi Engdahl says:

    TheMoon Rises Again, With a Botnet-as-a-Service Threat
    https://threatpost.com/themoon-botnet-as-a-service/141393/

    A new module allows it to be rented to other malicious actors — and it’s likely other new capabilities are coming down the pike.

    TheMoon, an IoT botnet targeting home routers and modems, is entering a new phase, as it were: It has added a previously undocumented module that allows it to be sold as-a-service to other malicious actors.

    This has already had significant real-world consequences, according to CenturyLink Threat Research Labs, with the detection of a video ad fraud operator using TheMoon on a single server to impact 19,000 unique URLs on 2,700 unique domains over a six-hour period. It has also been seen being used for credential brute-forcing, general traffic obfuscation and more.

    Reply
  32. Tomi Engdahl says:

    True crime: SamSam ransomware I am
    https://www.scmagazine.com/home/security-news/true-crime-samsam-ransomware-i-am/

    It was one for the books – a mysterious cyberattack laying waste to systems in the city of Atlanta before moving on to a wide swath of targets, including health care companies, the Port of San Diego, the Colorado Department of Transportation.

    March 22, 2018 – Workers arriving in various departments in the city of Atlanta detect “outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information,” according to city officials.

    Hours, maybe minutes, into the Atlanta fiasco, it was clear the attack was the work of an old foe, SamSam ransomware, which had wreaked havoc on city networks from Georgia to Indiana to Colorado, as well as hospitals and other public- and private-sector enterprises, as a California port was about to find out.

    Reply
  33. Tomi Engdahl says:

    Chinese bank’s software chief jailed after finding way to withdraw US$1m in ‘free’ cash from ATMs
    https://beta.scmp.com/news/china/society/article/2184883/chinese-banks-software-chief-jailed-after-finding-way-withdraw

    Programmer told bosses he was testing its security system and the money he had taken was just resting in his account
    Flaw in system meant that withdrawals made around midnight were not recorded in the system

    Reply
  34. Tomi Engdahl says:

    Understanding Ubiquiti Discovery Service Exposures
    https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/

    On Jan. 29, the Rapid7 Labs team was informed of an interesting tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service (DoS) attacks using a service on 10001/UDP. Quick sleuthing by the security community showed that this issue has been brewing since the summer of 2018. Ubiquiti recently acknowledged that this was an issue, has released a workaround, and is in the process of putting together an official fix.

    Reply
  35. Tomi Engdahl says:

    $145 million funds frozen after death of cryptocurrency exchange admin
    https://www.zdnet.com/article/145-million-funds-frozen-after-death-of-cryptocurrency-exchange-admin/

    Highly unlikely that the exchange and its users will ever get access to these funds ever again.

    Reply
  36. Tomi Engdahl says:

    Chrome to Display Warnings About Similar or Lookalike URLs
    https://www.bleepingcomputer.com/news/software/chrome-to-display-warnings-about-similar-or-lookalike-urls/

    Google is adding a new feature to Google Chrome that will warn users about similar, or lookalike, URLs that a user may visit thinking they are going to the normal site. This feature is designed to warn users when they visit typosquatting domains, IDN Homograph unicode attacks, scams, and phishing sites.

    Reply
  37. Tomi Engdahl says:

    Erik Schatzker / Bloomberg:
    How a US-based manufacturer of an “indestructible” smartphone screen helped FBI in its Huawei sting after the Chinese giant allegedly tried to steal its secrets — The sample looked like an ordinary piece of glass, 4 inches square and transparent on both sides.

    Huawei Sting Offers Rare Glimpse of the U.S. Targeting a Chinese Giant
    https://www.bloomberg.com/news/features/2019-02-04/huawei-sting-offers-rare-glimpse-of-u-s-targeting-chinese-giant

    Diamond glass could make your phone’s screen nearly unbreakable—and its inventor says the FBI enlisted him after Huawei tried to steal his secrets.

    Reply
  38. Tomi Engdahl says:

    Aaron van Wirdum / Bitcoin Magazine:
    Chainalysis: two hacker groups are responsible for almost 60% of publicly reported cryptocurrency hacks and stole around $1B to date

    Chainalysis Report: Two Groups Responsible for Most Publicly Reported Hacks
    https://bitcoinmagazine.com/articles/chainalysis-report-two-groups-responsible-most-publicly-reported-hacks/#1549061135

    Two “prominent professional hacking groups” are responsible for the majority of publicly reported hacks of cryptocurrency exchanges and other cryptocurrency organizations, concludes a report published by blockchain data analytics firm Chainalysis this week. According to the report, simply called the Crypto Crime Report, the groups generated around $1 billion of hacking revenues for themselves so far.

    “Hacking dwarfs all other forms of crypto crime, and it is dominated by two prominent, professional hacking groups,” the report states. “Together, these two groups are responsible for stealing around $1 billion to date, at least 60% of all publicly reported hacks.”

    Reply
  39. Tomi Engdahl says:

    BBC:
    UK police seize 60+ devices suspected of being used in attacks by Webstresser, a now-shuttered DDoS service, and plan action against 400+ Webstresser customers

    Police raids target ‘hundreds of UK web attackers’
    https://www.bbc.com/news/technology-47117499?ocid=socialflow_twitter

    UK police have seized more than 60 computers and other gadgets suspected of being used to carry out web attacks.

    The raids were part of an international operation targeting customers of Webstresser, which Europol calls the “world’s biggest marketplace” for distributed denial of service attacks.

    The site was shut down and its suspected operators arrested in April.

    The National Crime Agency (NCA) said it planned further action against another 400 suspected UK Webstresser customers.

    Reply
  40. Tomi Engdahl says:

    Bloomberg:
    In a Russian filing, Apple says it stores user data including names, addresses, email addresses, and phone numbers on Russian servers to comply with a local law

    Apple Says It’s Storing Some Russian User Data on Russian Servers
    https://www.bloomberg.com/news/articles/2019-02-04/apple-filing-details-user-data-the-company-is-storing-in-russia

    Reply
  41. Tomi Engdahl says:

    Attackers Use CoAP for DDoS Amplification
    https://www.securityweek.com/attackers-use-coap-ddos-amplification

    Attackers recently started abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks, NETSCOUT warns.

    CoAP is a simple UDP protocol designed for low-power computers on unreliable networks that appears similar to HTTP, but which operates over UDP (User Datagram Protocol) port 5683. The protocol is mainly used by mobile phones in China, but is also present in Internet of Things (IoT) devices.

    A DDoS attack leveraging CoAP begins with scans for devices that can be abused, and continues with a flood of packets spoofed with the source address of their target. At the moment, the attackers appear to have only basic knowledge of the protocol, but attacks could become more sophisticated.

    Reply
  42. Tomi Engdahl says:

    A 1.3-terabit attack would bring Finland to a halt
    http://www.etn.fi/index.php/13-news/9041-1-3-terabitin-hyokkays-pysayttaisi-suomen

    According to Eriksson, a sufficiently large distributed denial-of-service (DDoS) attack would in practice paralyze Finland. This would take roughly 1.3 terabits of data per second. With about a terabit of DDoS data moving at all times, and the amount growing all the time, malicious attacks can already bring a state to its knees.

    Reply
